1.9 KiB
1.9 KiB
Document Owner Guidance
Purpose
This guidance note helps document owners maintain ISMS documents consistently and with the right level of quality.
Who This Is For
This note is for document owners, approvers, reviewers, and anyone asked to update controlled ISMS documents.
What Good Looks Like
A well-maintained ISMS document should:
- reflect how BlackDice actually operates
- avoid invented tools, teams, or approvals
- use clear ownership and review dates
- align with the related policy, standard, procedure, or register
- be specific enough to guide behaviour without turning policy into procedure
Practical Owner Checks
Before updating or approving a document, check:
- the metadata is complete and current
- the document purpose and scope still match reality
- cross-references point to the right current documents
- placeholders still in the document are genuinely unresolved
- statements about control operation are supportable with evidence
- the document still fits its type
Policy should say what BlackDice requires.
Standard should say what must be implemented.
Procedure should say how an activity is carried out.
Register or template should say what information must be recorded.
When A Document Should Be Updated
Review or update the document when:
- the review date is due
- a control or process changes materially
- audit or incident findings show it is inaccurate
- ownership changes
- supplier, legal, or customer obligations materially change the requirement
Common Mistakes To Avoid
- keeping placeholders that are already known
- writing future-state wording as if it is already operational
- duplicating the same requirement in too many places
- adding procedural detail into policy documents
- leaving evidence expectations unclear
Related Documents
../../00-governance/document-and-records-control-standard.md../../00-governance/isms-manual.md../../00-governance/information-security-policy.md